JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: apache
Published:
Updated: 2024-08-05T15:11:48.424Z
Reserved: 2017-01-29T00:00:00
Link: CVE-2017-5653

No data.

Status : Deferred
Published: 2017-04-18T16:59:00.150
Modified: 2025-04-20T01:37:25.860
Link: CVE-2017-5653


No data.